Online Platforms and Confidentiality Under the NRCPD Code: Guidance for Registrants and Trainees.

29 April 2020

This guidance was updated on Wed 29 April to make it clearer that NRCPD is not recommending any particular software or platform over any other. Those listed are given as examples.

With the onset of the COVID-19 pandemic, there has been a wholesale shift of work onto online platforms. We are aware of some registrants' concerns about delivering their services in this way, in particular the implications for confidentiality under the NRCPD Code of Conduct. This guidance sets out what you should consider in protecting confidential information, so that you are meeting the requirements of the Code and is applicable to all the NRCPD registers (save for a few practical differences between the different professions).

The Code expects professionals to treat private information confidentially and deliberate release would normally be a breach unless justified under the law or to prevent harm.

You should also take steps to protect from inadvertent release or from a deliberate attempt at unauthorised access by others. It is this that normally raises the concern that some online platforms are not sufficiently secure.

As professionals and businesses, you are expected to take reasonable steps to protect the information you receive. What is 'reasonable' will vary between businesses: an individual freelancer will not be expected to invest in secure platforms to the extent that a charity, agency provider or public body would. But you are expected as professionals to carry out research into the suitability of the tools you use, and this includes online platforms.

In making these judgments, it is expected that you take a proportionate balance of all the factors: platform security, platform usability and quality, cost, the sensitivity of the information, the number of people involved in the online space and their needs and capabilities; and the physical and device protections needed where people are located. This is not an exhaustive list and you can approach your professional associations for information on webinars, discussion forums and other ways to learn more to expand your skills in this area and which can count towards your CPD.

Under the Code, you are also expected to have the appropriate skills and experience for the assignments you undertake, so you should also consider training in order to ensure that you are competent in using the technology and not just in choosing it.

In situations where you are asked to provide the platform yourself for an assignment with another business as client, then you would need to weigh up the same factors as to the suitability of the platform you choose and include co-workers for the assignment in that deliberation where appropriate.

If you are using a platform provided by others, for example if you are employed or if you are engaged through an agency to do work for a public body with its own system, then that would normally shift the responsibility to the platform owner as long as you follow the user rules.

You should take care if you are relying on the consent of other parties to use more insecure means. Your client may be ok at the beginning of the call, but change their mind later or not understand the issues in the first place and so the consent needs to be informed and on-going.

Here are some simple steps you can take to minimise the risk of confidential information getting into the wrong hands when working online:

  • Ensure that you have suitable computer virus protection - free systems are likely to provide less protection than paid subscriptions.
  • Ensure that your computer cannot be accessed by anyone else.
  • Password protect your devices and make sure they are turned off when you're not working.
  • Set up an encrypted email system - for example Hushmail or SecureMail, but there are others, and you should research which is best for you.

If you wish to set up a secure communications platform for video work for yourself, you should do your own research to ensure that you can justify your choice under the NRCPD Code of Conduct or to meet GDPR regulations. There is much open source information available, such as review sites, online publications, journalism and discussion forums, as well as the Information Commissioner's website. You do not always have to pay for expert IT advice.

Other points to consider:

  • Ensure that you have a comfortable, private and confidential working space, free from distractions. Think about what is behind you on the wall. You might want to consider fitting a lock to your door to ensure confidentiality and prevent unprofessional interruptions.
  • Ensure that your computer screen is not visible to others and if you are hearing, use headphones to ensure your clients' voices cannot be heard by others.
  • Turning off all listening devices such as Alexa and Siri.
  • If you do not need confidential information after the assignment, you should ensure that it is removed from your devices.
  • Consider the terms of your contracts to ensure others are aware of and bound by the confidentiality requirements.
  • Make sure that your insurance covers online video work.

Zoom is perhaps the most prominent platform in the news and in usage at the moment. There are alternatives such as Signal, Jitsi, Google Hangouts, Skype for Business, Facetime and Teams - but not all will be suitable for you.

NRCPD does not prefer or recommend the use of one particular proprietary service over another. They are given as examples and you should carry out the research necessary to make a professional choice of those best suited to your needs.

Please tell us if you found this helpful or if you have any queries via: enquiries@nrcpd.org.uk

With thanks,

NRCPD.

Check the register

Find and contact a communication professional